Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

A better solution would have been to not fine the organisation but to use the clause of the data protection act that allows individuals to be held responsible and fine the contractor for being so negligent as to store personal data insecurely and anyone at the organisation who allowed it.

It's about time that some of these organizations (including banks and others) who store personal data were held responsible for their lack of security. It has been a real problem.

Let's leave the politics out of it. The organization messed up, resulting in potential harm to the public who used its services. The court wants to hold them responsible for their messup. End of story.

This wasn't a corporate site nor was it a medical services site. This was a non-profit charitable organization. Suppose I set up a website of my own, not for profit, in which I provide information on where to get an abortion. Suppose I don't secure my web server enough and a hacker gets a copy of my access.log files and is thus able to determine who visited my site and suppose they publish that information. Would I be subject to big fines as well? What if it was a website about some other subject like building model trains? I understand in this case the hackers probably got more than just IP addresses, but where exactly is the line drawn? Is anyone who has a website in danger of running afoul of these laws?

Maybe in the UK, the topics of abortion and politics can be separated, but in the US it definitely can't be. Moreover, the charity itself says it was an anti-abortion activist, and that the ruling rewards the criminal. So it's already political from the summary.

I suppose since we don't read the summary anymore, we may have been able to take it BACK from political. I can see how from the title, one might think it was a bank that was being punished.

As far as I know, the line is drawn when you start storing personal data. They were keeping the name, address, date of birth and telephone number of people who were looking for advice and they weren't keeping it securely. A typical web server won't be storing anything more than IP addresses and browser types so you won't get into trouble for storing personal data without following the relevant laws.

"Sorry, the anti-abortion issue is very political and this is a heavy handed fine on a charity."

Well, I'm not that familiar with UK law, but like the U.S. it is still Common Law tradition.

Why is it a "heavy-handed" fine? It seems to me that when an organization endangers members of the public via negligence, they should receive a penalty that is sufficient to motivate them to change their practices.

It seems to me that the annual salary of a couple of professionals, who probably ought to be fired anyway, seems about right.

Absolutely true, but it's also worth pointing out that the charity didn't really disclose anything, they were hacked. In contrast, RBS continued to release financial data via fax for years after it was warned.